From: Al V. <viro@ZenIV.linux.org.uk> - 2011-08-23 17:08:01
On Tue, Aug 23, 2011 at 06:58:18PM +0200, Richard Weinberger wrote:
> What about this hack/solution?
> While booting UML can check whether the host's vDSO contains
> a SYSCALL instruction.
> If so, UML will not make the host's vDSO available to its
> processes...

Note that this is *only* for 32bit side of things. 64bit one works fine...

I wouldn't search for SYSCALL in vdso, BTW - not when we have a good way to trigger that crap and recognize it. At boot time, fork a child. Have it traced with PTRACE_SYSCALL. Let it put recognizable values in registers and call __kernel_vsyscall(). Then let the parent do one more PTRACE_SYSCALL, then PTRACE_POKEUSER and set ebp to 0x69696969. PTRACE_CONT the sucker and let it report what it sees in ecx. If it's what we'd put there - fine, it looks safe. If it's 0x69696969 - we have a problem, no vdso for us.
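A sketch of the boot-time probe described in the message above, added here as an illustration; it is not code from the mail or from UML. The name `probe_host_vdso`, the marker `MARK_ECX`, the use of `getppid` as the marked syscall, the lookup of `__kernel_vsyscall` through `AT_SYSINFO`, and the return codes are assumptions of this example.

```c
#include <elf.h>
#include <signal.h>
#include <stddef.h>
#include <sys/auxv.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

#define MARK_ECX 0x13572468UL /* constructed marker the child loads into ecx */
#define POISON   0x69696969UL /* value the tracer pokes into ebp, as in the mail */

/* 0: ecx intact, looks safe; 1: ecx == POISON, no vDSO; 2: other ecx; -1: probe could not run */
int probe_host_vdso(void)
{
#if defined(__i386__)
    unsigned long vsys = getauxval(AT_SYSINFO); /* address of __kernel_vsyscall */
    struct user_regs_struct r; int st;
    pid_t pid = vsys ? fork() : -1;
    if (pid < 0) return -1;
    if (pid == 0) { /* child: traced, marker in ecx, syscall through the vDSO */
        unsigned long eax = SYS_getppid, ecx = MARK_ECX;
        if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0) _exit(3);
        raise(SIGSTOP);
        __asm__ volatile("call *%2" : "+a"(eax), "+c"(ecx) : "r"(vsys) : "memory", "cc");
        _exit(ecx == MARK_ECX ? 0 : ecx == POISON ? 1 : 2); /* report ecx */
    }
    for (;;) { /* PTRACE_SYSCALL until the entry stop of the marked syscall */
        if (waitpid(pid, &st, 0) < 0 || !WIFSTOPPED(st)) return -1;
        if (WSTOPSIG(st) == SIGTRAP && ptrace(PTRACE_GETREGS, pid, 0, &r) == 0 &&
            r.orig_eax == SYS_getppid && (unsigned long)r.ecx == MARK_ECX) break;
        if (ptrace(PTRACE_SYSCALL, pid, 0, 0) < 0) goto kill_child;
    }
    /* one more PTRACE_SYSCALL (exit stop), then overwrite ebp and let it run */
    if (ptrace(PTRACE_SYSCALL, pid, 0, 0) < 0) goto kill_child;
    if (waitpid(pid, &st, 0) < 0 || !WIFSTOPPED(st)) return -1;
    if (ptrace(PTRACE_POKEUSER, pid, (void *)offsetof(struct user_regs_struct, ebp),
               (void *)POISON) < 0 || ptrace(PTRACE_CONT, pid, 0, 0) < 0) goto kill_child;
    if (waitpid(pid, &st, 0) < 0) return -1;
    if (WIFSTOPPED(st)) goto kill_child; /* child took a signal instead of exiting */
    return WIFEXITED(st) && WEXITSTATUS(st) <= 2 ? WEXITSTATUS(st) : -1;
kill_child:
    kill(pid, SIGKILL);
    waitpid(pid, &st, 0);
    return -1;
#else
    return -1; /* the mail's check concerns the 32-bit vDSO only */
#endif
}
```

Built as a 32-bit binary (for example with `-m32`), a return of 1 is the "no vdso for us" case; any other build returns -1 without forking.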